24cd75450d61db614c1f534ff5ccc09eda8d16a30fc646903177d2047e507cea

Analysis

max time kernel
9s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
Size

1.3MB
MD5

3956e9a0ff2728ee118475d4c9b73490
SHA1

331f3dc337dd5bd884429f5b8ca2b7a2de614140
SHA256

24cd75450d61db614c1f534ff5ccc09eda8d16a30fc646903177d2047e507cea
SHA512

6021650da5b480d58bbe77fc71ad18e342096421f582eca90a576d2d02fce0fc2bd65dad8463018897693bc3f2eca6dc79b47d5eab2c14f3e868afa6018d872e
SSDEEP

24576:86aUnCrkzd40Vv9vst9TPv6nDT+hZnMbYyQJoAgYFtoC7P5h3:5ari40Vlu9TE65Vg+tBt

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\J:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\L:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\P:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\X:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\H:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\N:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\O:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\R:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\S:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\A:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\G:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\I:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\M:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\T:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\U:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\V:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\B:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\K:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File opened (read-only)	\??\W:	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\horse girls shoes .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian gang bang bukkake catfight leather (Anniston,Sylvia).avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\trambling uncut titts sm (Sarah).avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese kicking bukkake [milf] lady .rar.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian gang bang xxx [bangbus] stockings .avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\hardcore catfight cock redhair .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\swedish handjob bukkake licking (Jade).mpeg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black handjob horse [bangbus] YEâPSè& .mpeg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\fucking lesbian leather .rar.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast several models fishy .zip.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\italian action hardcore lesbian wifey .zip.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian horse hardcore big 50+ .avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish nude hardcore big (Sarah).mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB476.tmp\trambling [milf] glans .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish beastiality lingerie [free] feet .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lingerie girls glans .zip.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\trambling masturbation lady .rar.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\xxx licking titts sm .rar.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\horse [free] hole .avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe

Drops file in Windows directory 22 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish handjob sperm hidden (Jade).avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian porn hardcore full movie mature (Sandy,Jade).zip.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\hardcore [milf] hole black hairunshaved (Melissa).avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\danish cum lesbian catfight glans fishy .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\security\templates\danish handjob fucking public .mpeg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian handjob trambling masturbation hole .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\horse public glans .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\black kicking trambling big feet balls .rar.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\tyrkish gang bang horse catfight fishy .mpeg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish action lesbian licking .mpeg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\american animal hardcore [free] .avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian action fucking voyeur .avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse big titts pregnant .mpeg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese cum hardcore full movie cock sweet .mpeg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob sleeping feet bedroom (Samantha).mpeg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish cumshot lesbian uncut .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american handjob blowjob masturbation titts .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian horse lesbian hot (!) feet traffic .zip.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american horse sperm uncut cock 50+ .avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\lesbian [bangbus] cock .mpg.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\blowjob [free] titts bedroom (Liz).avi.exe	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
5016	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
5016	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
3828	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
3828	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
4768	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
4768	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
3436	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
3436	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
3556	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
3556	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 888	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	86
PID 1948 wrote to memory of 888	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	86
PID 1948 wrote to memory of 888	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	86
PID 888 wrote to memory of 5016	888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	88
PID 888 wrote to memory of 5016	888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	88
PID 888 wrote to memory of 5016	888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	88
PID 1948 wrote to memory of 3828	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	87
PID 1948 wrote to memory of 3828	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	87
PID 1948 wrote to memory of 3828	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	87
PID 888 wrote to memory of 3436	888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	89
PID 888 wrote to memory of 3436	888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	89
PID 888 wrote to memory of 3436	888	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	89
PID 1948 wrote to memory of 4768	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	90
PID 1948 wrote to memory of 4768	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	90
PID 1948 wrote to memory of 4768	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	90
PID 5016 wrote to memory of 3556	5016	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	91
PID 5016 wrote to memory of 3556	5016	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	91
PID 5016 wrote to memory of 3556	5016	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	91
PID 3828 wrote to memory of 1980	3828	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	92
PID 3828 wrote to memory of 1980	3828	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	92
PID 3828 wrote to memory of 1980	3828	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	92
PID 4768 wrote to memory of 4836	4768	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	98
PID 4768 wrote to memory of 4836	4768	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	98
PID 4768 wrote to memory of 4836	4768	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	98
PID 1948 wrote to memory of 348	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	99
PID 1948 wrote to memory of 348	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	99
PID 1948 wrote to memory of 348	1948	3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe	99

C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:888
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        8⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:11980
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13756
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:12824
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13512
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13140
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:14404
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13036
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:9104
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:12272
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3828
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        7⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13872
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:452
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13972
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13008
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13504
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5076
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:11352
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13432
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:9116
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:12260
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4768
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        6⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:12356
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:11748
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:12212
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:11592
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:12096
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:8336
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:11244
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  PID:348
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13392
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13000
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13184
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:8660
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:11740
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  PID:1528
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
        5⤵
        
        PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:9452
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:12936
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:12512
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:8680
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:12024
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  PID:5408
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
      4⤵
      PID:13284
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:8668
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:11828
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  PID:6700
- - C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
    3⤵
    PID:13212
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  PID:8576
- C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3956e9a0ff2728ee118475d4c9b73490_NeikiAnalytics.exe"
  2⤵
  PID:11672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian gang bang bukkake catfight leather (Anniston,Sylvia).avi.exe

Filesize
2.0MB

MD5
fe00c4641f5435fe3d6902602a9d32e2

SHA1
e3a85be727b9f094352c53729565c334a92af89c

SHA256
bd70047573db830e8398725e33539348547fc9e0c3aff0759ff1bb395cf74523

SHA512
d5bae444a33cd227d86862399bb61e508d7799aa4cb9c81232e8e466b8ad3b83c11b984d4a36163179f15f2da17f270ba638d4f83980f777f3330f7f7485c974

Download Submit